Last week, the New York Times published a brief profile of privacy and security researcher Runa Sandvik.
Well known in the security community, Sandvik has been working at the New York Times since March 2016, boosting the security and privacy of journalists, anonymous sources, and indeed subscribers.
She recalled beginning to ask herself, “What are ways that I can take what I know about information security, and about hacking — the ways you would go after a reporter, for example — and use that to support and defend and empower the people, as opposed to just figuring out how to break stuff?”
Since coming to The Times in March 2016, she has continued to ask herself that question and to weave her background into the way the newsroom functions.
It’s a good piece, and I’m glad to see a decent profile of someone who protects against malicious hackers rather than those who have made a name of themselves through their misdeeds.
No-one should underestimate the very real theat that media organisations such as the New York Times face from hackers. There are plenty of parties who would be interested to read what such a newspaper might be investigating, and who might be their anonymous sources of information.
Readers may remember that back in 2013 it was revealed that the New York Times had been targeted by Chinese hackers for months. The hackers had infiltrated the newspaper’s network, broke into senior staff members’ email accounts, stole the password of every employee, and gained access to the PCs of 53 employees.
Newspapers need to be protected from hackers just as much as multinational companies or governments, and it’s good to know that media firms are hiring security experts like Sandvik to better protect their systems.